Security Portal: Kurt’s Closet: Postfix – the Sendmail replacement

“In all fairness Sendmail is a damn good MTA (Mail Transfer
Agent), Eric Allman originally wrote it with one main goal in mind:
the mail must get through. Unfortunately, when Sendmail was
originally written security wasn’t a major concern on the Internet
and it shows. Sendmail runs almost exclusively as the root user on
most systems, meaning any flaws are potentially very serious. In
addition to this Sendmail isn’t very good at handling high loads.
New mailers, such as Postfix, Zmailer, and Qmail are several times
faster then Sendmail on the same hardware. Until recently most of
the alternative mailers to Sendmail were not drop-in replacements,
to replace Sendmail was a painful task, and the new software
typically behaved differently then Sendmail. Postfix was designed
from the start to address all these problems.”

“Postfix does not run exclusively as root, instead a master
program (called “master”) runs as root and spawns off processes to
handle incoming, outgoing and local mail delivery as needed. Using
a series of modular components, each task is handled by a separate
program (which makes auditing it easier), for example outgoing
email is dumped into the queue directory by your software, where
“pickup” gets it and hands it to “cleanup”, which hands it to
“trivial-rewrite” which handles the headers, and finally is given
to “smtp” if bound for a foreign system. Postfix is also much
easier to setup for a chroot’ed environment than Sendmail is,
simply make a few edits to the master.cf file (typically in
/etc/postfix) and Postfix will run chroot’ed in its defined queue
directory (usually /var/spool/postfix). It is also possible to set
process limits for individual portions of postfix, again in the
master.cf file.”

“As stated before, replacing Sendmail with another MTA used to
be a very painful task, many mailers approached the “problems” in
Sendmail by doing things quite differently and require a pretty
extensive overhaul of the mail system, and a very different set of
configuration files. With Postfix you can use most of your existing
configuration files (such as access, aliases, virtusertable, etc.)
simply by defining them appropriately in the main.cf file. In
addition to this Postfix behaves like Sendmail, you can invoke
it using “sendmail”, get a listing of the mailq with “mailq”, feed
it pretty much the same options and so forth. I find a typical
Postfix conversion takes around 10 minutes for most

Complete Story